Lucene search
HistoryDec 03, 2005 - 7:03 p.m.
CVE-2005-3974
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.3%
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the “access user profiles” permission.
Affected configurations
Node
drupaldrupalMatch4.5
ORdrupaldrupalMatch4.5.1
ORdrupaldrupalMatch4.5.2
ORdrupaldrupalMatch4.5.3
ORdrupaldrupalMatch4.5.4
ORdrupaldrupalMatch4.5.5
ORdrupaldrupalMatch4.6
ORdrupaldrupalMatch4.6.1
ORdrupaldrupalMatch4.6.2
ORdrupaldrupalMatch4.6.3
References
Related
cvelist
cvelist
CVE-2005-3974
2005-12-03 19:00:00
cve
cve
CVE-2005-3974
2005-12-03 19:03:00
ubuntucve
ubuntucve
CVE-2005-3974
2005-12-03 00:00:00
debian
debian
[SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities
2006-01-27 10:01:55
[SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities
2006-01-27 10:01:55
openvas
openvas
FreeBSD Ports: drupal
2008-09-04 00:00:00
Debian: Security Advisory (DSA-958-1)
2008-01-17 00:00:00
FreeBSD Ports: drupal
2008-09-04 00:00:00
osv
osv
drupal - several
2006-01-27 00:00:00
nessus
nessus
Debian DSA-958-1 : drupal - several vulnerabilities
2006-10-14 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.3%
Related for NVD:CVE-2005-3974